SuSE linux activates the firewall at install time, you can use Yast (an exceptional graphical configuration tool) to configure it afterwards.
The desktop setup will not install any dangerous server software (turning off ftp? if you don't need it why did it ever get installed?). You can always use Yast to add and configure these packages later if you find you need them, and it will automatically open only the required ports in the firewall.
Automatic updates are handled by YOU (Yast Online Update) which can be enabled in fully automatic mode, or with a system tray icon that is green when you're up to date, yellow if non critical updates are available and red for critical updates.
I've tried many linux distros, for those who prefer to avoid the command line SuSE is my winner by a mile. Maybe you should look at that, or another Norton distro, like SLES, if you need the enterprise versions for work.
Posted by: Paul Howie at July 8, 2005 02:37 AM
Thanks Paul. In my case, I'm in the opposite camp: command line all the way. These are remotely hosted servers, and everything is via ssh, and any installed web-based control panels.
My experience with SuSE was only "OK". I personally find Debian a little more intuitive to setup and run, and more compatible with more of the hardware I had at the time I tried it all.
Posted by: Leo at July 8, 2005 08:45 AM
Leo,
Everyone here seems to agree on the firewall issue, you can easily enable firewall at install time in nearly every mainstream distribution, RedHat since there 7 series if I remember correctly. You choose from a simple list of services to open up. Your done. (tweaking is always good no matter what OS you use)
I would like to encourage you to do one thing in your laundry list. Remember, when working with a distribution, that is what you are reviewing, a distribution, not Linux in general.
We have given you a list of alternative distributions to go after. If you are locked down to RedHat Enterprise or Debian, you have to write from a perspective that these don't cut it for you. Believe me, there are allot of choices, and that is the point in the Linux world. There has to be one that fits your needs. Try and be a little flexible on it.
I would highly recommend getting a system and installing all the distributions we have suggested to you. See which one fits the bill for you. I think everyone here has been helpful with giving you a good place to start. Hope it all works out for you.
Posted by: KryptonianSon at July 8, 2005 11:22 AM
Oh Leo, one more thing. I noticed you mentioned you use ssh and web based control panels. I am sure you are aware of it, but I will state it anyway. Take a look at www.webmin.com. Webmin is one of the best web based control panels you can find. And it has a great developer, Jamie Cameron who is VERY responsive to feedback. It is very mature and makes allot of tasks very easy to perform, including firewall configuration. Have a look.
Posted by: KryptonianSon at July 8, 2005 11:28 AM
Thanks again, KryptonianSon. In this case my customer's not really interested in learning yet another web admin tool (having been through Ensim and cPanel). We're settled on cPanel, which has done reasonably well by us, *if* you're also aware of what it *doesn't* do (which fed my frustration in the first place). I also use Plesk on one of my servers.
I've heard good things about Webmin, but I also just checked, and it's not offered by the server farm we're dealing with.
Thanks again.
Posted by: Leo at July 9, 2005 08:42 AM
Gentoo... add the use flag "hardened" ... and take a look at the handfull of hardening apps in portage. Portage does almost all the legwork for you.
While Gentoo is non-trivial to install... it makes almost everything post-install trivial if you use portage correctly.
Posted by: georgia_tech_swagger at July 9, 2005 01:04 PM
i love linux
but presently my headache was how to use ssh or telnet coz right now im using mysql database
and working inside root directory which is not common
somebody can help me to solve this problem
(im only using one computer ((server/client)itself))
or just give me some idea on how to use mysql in client side
i dont even know how to connect to server side (
im using mandrake linux 10.1
thanx
geo
Posted by: g que at August 23, 2005 09:18 PM
I guess I'm having a tough time understanding your question. Could you clarify?
Posted by: Leo at August 26, 2005 08:05 PM
i have just installed a linux mandriva 2005 & i cant seem to turn it off.
the only option i have is to log out which doesnt turn off the system.
•
SuSE linux activates the firewall at install time, you can use Yast (an exceptional graphical configuration tool) to configure it afterwards.
The desktop setup will not install any dangerous server software (turning off ftp? if you don't need it why did it ever get installed?). You can always use Yast to add and configure these packages later if you find you need them, and it will automatically open only the required ports in the firewall.
Automatic updates are handled by YOU (Yast Online Update) which can be enabled in fully automatic mode, or with a system tray icon that is green when you're up to date, yellow if non critical updates are available and red for critical updates.
I've tried many linux distros, for those who prefer to avoid the command line SuSE is my winner by a mile. Maybe you should look at that, or another Norton distro, like SLES, if you need the enterprise versions for work.
Posted by: Paul Howie at July 8, 2005 02:37 AMThanks Paul. In my case, I'm in the opposite camp: command line all the way. These are remotely hosted servers, and everything is via ssh, and any installed web-based control panels.
My experience with SuSE was only "OK". I personally find Debian a little more intuitive to setup and run, and more compatible with more of the hardware I had at the time I tried it all.
Posted by: Leo at July 8, 2005 08:45 AMLeo,
Everyone here seems to agree on the firewall issue, you can easily enable firewall at install time in nearly every mainstream distribution, RedHat since there 7 series if I remember correctly. You choose from a simple list of services to open up. Your done. (tweaking is always good no matter what OS you use)
I would like to encourage you to do one thing in your laundry list. Remember, when working with a distribution, that is what you are reviewing, a distribution, not Linux in general.
We have given you a list of alternative distributions to go after. If you are locked down to RedHat Enterprise or Debian, you have to write from a perspective that these don't cut it for you. Believe me, there are allot of choices, and that is the point in the Linux world. There has to be one that fits your needs. Try and be a little flexible on it.
I would highly recommend getting a system and installing all the distributions we have suggested to you. See which one fits the bill for you. I think everyone here has been helpful with giving you a good place to start. Hope it all works out for you.
Posted by: KryptonianSon at July 8, 2005 11:22 AMOh Leo, one more thing. I noticed you mentioned you use ssh and web based control panels. I am sure you are aware of it, but I will state it anyway. Take a look at www.webmin.com. Webmin is one of the best web based control panels you can find. And it has a great developer, Jamie Cameron who is VERY responsive to feedback. It is very mature and makes allot of tasks very easy to perform, including firewall configuration. Have a look.
Posted by: KryptonianSon at July 8, 2005 11:28 AMThanks again, KryptonianSon. In this case my customer's not really interested in learning yet another web admin tool (having been through Ensim and cPanel). We're settled on cPanel, which has done reasonably well by us, *if* you're also aware of what it *doesn't* do (which fed my frustration in the first place). I also use Plesk on one of my servers.
I've heard good things about Webmin, but I also just checked, and it's not offered by the server farm we're dealing with.
Thanks again.
Posted by: Leo at July 9, 2005 08:42 AMGentoo... add the use flag "hardened" ... and take a look at the handfull of hardening apps in portage. Portage does almost all the legwork for you.
While Gentoo is non-trivial to install... it makes almost everything post-install trivial if you use portage correctly.
Posted by: georgia_tech_swagger at July 9, 2005 01:04 PMAll: I've added an article that is the laundry list I used: http://ask-leo.com/how_should_i_set_up_my_linux_web_server.html
Posted by: Leo at July 24, 2005 07:04 PMi love linux
but presently my headache was how to use ssh or telnet coz right now im using mysql database
and working inside root directory which is not common
somebody can help me to solve this problem
(im only using one computer ((server/client)itself))
or just give me some idea on how to use mysql in client side
i dont even know how to connect to server side (
im using mandrake linux 10.1
thanx
geo
Posted by: g que at August 23, 2005 09:18 PMI guess I'm having a tough time understanding your question. Could you clarify?
Posted by: Leo at August 26, 2005 08:05 PMi have just installed a linux mandriva 2005 & i cant seem to turn it off.
Posted by: yomi at April 10, 2006 03:50 AMthe only option i have is to log out which doesnt turn off the system.